Showing 1 - 25 of 36

Files from Tobias Klein

Email address: tk at trapkit.de
First Active: 2005-11-08
Last Active: 2012-03-03
VLC Media Player RealText Subtitle Overflow
Posted Mar 3, 2012
Authored by Tobias Klein, SkD, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow vulnerability in VideoLAN VLC versions prior to 0.9.6. The vulnerability exists in the parsing of RealText subtitle files. To exploit it, the module generates two files: the .mp4 file, which the victim is tricked into running, and the .rt file, which is the actual malicious file that triggers the vulnerability and should be placed in the same directory as the .mp4 file.

tags | exploit, overflow
advisories | CVE-2008-5036, OSVDB-49809
MD5 | f295ecc1bff79f3602400c7e2760ad65
iDefense Security Advisory 10.12.11 - OfficeImport
Posted Oct 14, 2011
Authored by iDefense Labs, Tobias Klein | Site idefense.com

iDefense Security Advisory 10.12.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. iOS versions prior to 5 are vulnerable.

tags | advisory, remote, arbitrary
systems | cisco, apple
advisories | CVE-2011-3260
MD5 | 5be9a2a7bd6b00e01076afcf5ce05ab9
iDEFENSE Security Advisory 2011-03-21.1
Posted Mar 22, 2011
Authored by iDefense Labs, Tobias Klein

iDefense Security Advisory 03.21.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 as vulnerable.

tags | advisory, remote, arbitrary
systems | apple, osx
MD5 | 67158fe79635302f382084271d037e56
iDEFENSE Security Advisory 2010-11-11.1
Posted Nov 12, 2010
Authored by iDefense Labs, Tobias Klein | Site idefense.com

iDefense Security Advisory 11.11.10 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a maliciously constructed Excel record. Specific values within this record can trigger a memory corruption vulnerability, and result in values from the file being used as function pointers. This allows an attacker to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2010-3786
MD5 | b915b7843dfde8af1661dd02354de92c
Process Dumper 1.1 Windows Version
Posted Apr 23, 2010
Authored by Tobias Klein

Process Dumper is able to make a dump of a running process in a forensic manner. Windows version.

tags | tool, forensics
systems | windows
MD5 | 8efee716239f7469c5ae7287f80ffcf9
Process Dumper 1.1 Linux Version
Posted Apr 23, 2010
Authored by Tobias Klein

Process Dumper is able to make a dump of a running process in a forensic manner. Linux version.

tags | tool, forensics
systems | linux
MD5 | cef64875bc5729241af787f2e8319a56
ScoopyNG - The VMware Detection Tool
Posted Apr 23, 2010
Authored by Tobias Klein

ScoopyNG combines the detection tricks of Scoopy Doo and Jerry as well as some new techniques to determine whether the current OS is running inside a VMware Virtual Machine (VM) or on a native system. ScoopyNG should work on all modern uni-, multi- and multi-core CPUs. ScoopyNG is able to detect VMware even if "anti-detection-mechanisms" are deployed.

MD5 | 14e7965520f0c686841c82a156b4d16d
Google Chrome 4.1.249.1042 Array Indexing Bug
Posted Apr 3, 2010
Authored by Tobias Klein

Google Chrome is vulnerable to an out-of-bounds array indexing bug, caused by the improper handling of FTP PWD command server responses. By persuading a victim to visit a specially-crafted web site containing an iframe pointing to a malicious FTP server, a remote attacker could exploit this bug and cause the browser to crash. Versions 4.1.249.1042 (Build 42199) and below are affected. Proof of concept included.

tags | exploit, remote, web, proof of concept
MD5 | 6cf5d03d7015bef5d2b673219a9c1a71
WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow
Posted Mar 4, 2010
Authored by Tobias Klein, Elazar Broad, Guido Landi | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in WebEx's WebexUCFObject ActiveX Control. If a long string is passed to the 'NewObject' method, a stack-based buffer overflow will occur when copying attacker-supplied data using the sprintf function. It is noteworthy that this vulnerability was discovered and reported by multiple independent researchers.

tags | exploit, overflow, activex
advisories | CVE-2008-3558
MD5 | f2d99a88beab4e4dd35711d91502b078
Avast! 4.8 / 5.0 Kernel Memory Corruption
Posted Feb 25, 2010
Authored by Tobias Klein | Site trapkit.de

Avast! versions 4.8 and 5.0 suffer from an aavmker4.sys kernel memory corruption vulnerability.

tags | advisory, kernel
MD5 | c9b0429e48b63fc58baca33f1db8e134
Solaris / OpenSolaris UCODE_GET_VERSION ioctl Denial Of Service
Posted Feb 9, 2010
Authored by Tobias Klein | Site trapkit.de

This is a denial of service (kernel panic) proof of concept exploit for the UCODE_GET_VERSION ioctl NULL pointer dereference vulnerability on Solaris / OpenSolaris.

tags | exploit, denial of service, kernel, proof of concept
systems | solaris
advisories | CVE-2010-0453
MD5 | 2a0447bcfa866c531eb52571f1f41998
Oracle Denial Of Service
Posted Feb 2, 2010
Authored by Tobias Klein | Site trapkit.de

The kernel of Oracle Solaris contains a vulnerability in the code that handles UCODE_GET_VERSION IOCTL requests. The vulnerability allows a local unprivileged user to panic a Solaris x86 Intel-based system (32-bit/64-bit mode) due to a NULL pointer dereference. The ability to panic a system is a type of Denial of Service (DoS). The issue can be triggered by sending a specially crafted IOCTL request to the kernel.

tags | advisory, denial of service, x86, kernel, local
systems | solaris
advisories | CVE-2010-0453
MD5 | a625a05dbe3bf51935d87b27f3b2efd6
Apple iPhone OS AudioCodecs Heap Buffer Overflow
Posted Sep 15, 2009
Authored by Tobias Klein | Site trapkit.de

The iPhone OS AudioCodecs library contains a heap buffer overflow vulnerability while parsing maliciously crafted AAC or MP3 files. The vulnerability may be exploited by an attacker to execute arbitrary code in the context of an application using the vulnerable library. One attack vector is iPhone ringtones with malformed sample size table entries. It was successfully tested that iTunes uploads such malformed ringtones to the phone.

tags | advisory, overflow, arbitrary
systems | apple, iphone
advisories | CVE-2009-2206
MD5 | 7f39b1d5a81189a101b54835e25baf3b
libsndfile/Winamp VOC Heap Buffer Overflow
Posted May 19, 2009
Authored by Tobias Klein | Site trapkit.de

libsndfile versions 1.0.19 and below and Winamp versions 5.552 and below suffer from a VOC processing heap buffer overflow vulnerability.

tags | advisory, overflow
MD5 | 68ddfa92158bdd1e4441462f632c2d6e
xine-lib Quicktime STTS Atom Integer Overflow
Posted Apr 6, 2009
Authored by Tobias Klein | Site trapkit.de

Xine-lib contains an integer overflow vulnerability while parsing malformed STTS atoms of Quicktime movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of an application using the xine library. Versions 1.1.16.2 and below are affected.

tags | advisory, remote, overflow, arbitrary
MD5 | 260eae7eabcdd414d0278b9336fc0f80
FFmpeg Type Conversion Vulnerability
Posted Jan 28, 2009
Authored by Tobias Klein | Site trapkit.de

FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.

tags | advisory, remote, arbitrary
MD5 | dd56cfecdc4a747833960ffef4afac59
GStreamer Heap Overflow And Out Of Bounds
Posted Jan 23, 2009
Authored by Tobias Klein | Site trapkit.de

GStreamer gst-plugins-good versions below 0.10.12 suffer from heap overflow and array index out of bounds vulnerabilities.

tags | advisory, overflow, vulnerability
MD5 | 5cc5a720e6c759db400f4b17ebb7e9ed
Amarok Integer Overflow / Unchecked Allocation Vulnerabilities
Posted Jan 12, 2009
Authored by Tobias Klein | Site trapkit.de

Amarok contains several integer overflows and unchecked allocation vulnerabilities while parsing malformed Audible digital audio files. The vulnerabilities may be exploited by a (remote) attacker to execute arbitrary code in the context of Amarok.

tags | advisory, remote, overflow, arbitrary, vulnerability
MD5 | 77f097e6672c55128e43eb1f9eb42c54
Sun Solaris aio_suspend() Kernel Integer Overflow
Posted Jan 12, 2009
Authored by Tobias Klein | Site trapkit.de

Sun Solaris suffers from an aio_suspend() kernel integer overflow vulnerability.

tags | advisory, overflow, kernel
systems | solaris
MD5 | ba910d80c3c8f76329e6d6d34d82c90b
Sun Solaris NULL Pointer
Posted Dec 22, 2008
Authored by Tobias Klein | Site trapkit.de

Sun Solaris suffers from a SIOCGTUNPARAM IOCTL kernel null pointer vulnerability.

tags | advisory, kernel
systems | solaris
MD5 | 430f2aa535b8d9102e09f85f2105c3db
MPlayer TwinVQ Processing Stack Buffer Overflow
Posted Dec 15, 2008
Authored by Tobias Klein | Site trapkit.de

MPlayer contains a stack buffer overflow vulnerability while parsing malformed TwinVQ media files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of MPlayer. Versions 1.0rc2 below r28150 and SVN trunk below r28149 are affected.

tags | advisory, remote, overflow, arbitrary
MD5 | 2357cb0df2cda23185c7480219ee1a89
TKADV2008-013.txt
Posted Dec 1, 2008
Authored by Tobias Klein | Site trapkit.de

VLC media player versions below 0.9.7 suffer from a RealMedia processing integer overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2008-5276
MD5 | 53dd0932afc1be3807df1da75a8a9fd0
TKADV2008-012.txt
Posted Nov 7, 2008
Authored by Tobias Klein | Site trapkit.de

The VLC media player contains a stack overflow vulnerability while parsing malformed cue files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player. Versions below 0.9.6 are affected.

tags | advisory, remote, overflow, arbitrary
MD5 | 4c33a1a5286ab12e56c41f2d4c83e2c8
TKADV2008-011.txt
Posted Nov 7, 2008
Authored by Tobias Klein | Site trapkit.de

The VLC media player contains a stack overflow vulnerability while parsing malformed RealText (rt) subtitle files. The vulnerability can be trivially exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player. Versions below 0.9.6 are affected.

tags | advisory, remote, overflow, arbitrary
MD5 | 4897e67b9a474afe06193251cd1fd8bb
TKADV2008-010.txt
Posted Oct 21, 2008
Authored by Tobias Klein | Site trapkit.de

The VLC media player contains a stack overflow vulnerability while parsing malformed TiVo ty media files. The vulnerability can be trivially exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player. Versions 0.9.4 and below are affected.

tags | advisory, remote, overflow, arbitrary
MD5 | 5b2180e596b2d2a5de7688d9755dad0b